Have you applied with us before?

Information Security and Risk Analyst III

Information Security and Risk Analyst III

Job Locations 
Job ID 

Job Description


Reporting to the Manager of IS Security and Risk, the Analyst III is a senior level analyst position that will be under moderate supervision and will be responsible for a broad scope of tasks, that will help strengthen the enterprise information security posture and ensure regulatory compliance such as HIPAA, NIST and/or Commonwealth of Virginia (VITA) standards. This role leans more towards an audit and compliance focused skill set.


This position will perform auditing, governance, risk assessments and various remediation activities.  This position is also be responsible for the implementation and validation of standards, processes, and controls

The Information Security Analyst III performs ongoing network security vulnerability assessments and provides solutions to mitigate security risks. This position will also work closely with other team members and management on a variety of tasks as assigned.


The ideal candidate should be able to multitask and give equal attention to a variety of functions, while displaying excellent communications skills that includes the ability to provide formal documentation of analysis and/or research results to include briefings, reports, writing, training to all technical ability levels, and editing at a technical/professional level. The ideal individual will assist the IS manager in training and helping to develop junior team members.  The ideal candidate will also display a proven aptitude in solving problems independently and sound decision-making ability.


Candidate must be detail oriented, well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude. A familiarity of network applications and tools is essential.



  • Position will work closely work with other team members and management on a variety of assigned tasks.
  • Develops and monitors security metrics aligned to goal achievement
  • Ability to resolve all levels of issues regarding information systems security
  • Develops, publish and maintain information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements
  • Leads independent security risk assessments and systems audits, as required;
  • Works to ensure security controls in accordance with the Commonwealth of Virginia (VITA) controls and help generate compliance status reports to management;
  • Leads evaluation IT systems involving software, hardware, configuration, and proposed changes to ensure IT security posture is in compliance with existing information security policies and regulations;
  • Will be responsible for performing and supporting security incident triage on all incidents to determine scope, urgency, and potential operational impact.
  • Leads interviews, collaborate and collect evidence to support implementation of system baseline security controls and performs analysis on evidence to ensure compliance with the systems security plan and risk management framework designs
  • Participates and sometimes facilitates incident response and remediation activities for IT security events.
  • Leads analysis of third-party risk elements in supports of due diligence requirements
  • Responsible for developing and on-going maintenance of information security awareness program
  • Participates in preparation and facilitating enterprise Change Management Activities
  • Possesses ability to work in rapidly changing environment and desire to learn technologies as needed.
  • Team player required: must be able to interact with peers, management, and executives in a constantly evolving environment to ensure a positive customer experience and atmosphere in the workplace.
  • Other duties’ as this role evolves.




  • Bachelors Degree in Business, Mathematics, or Information Systems preferred.


  • At least 3 years of information security experience is required
  • Experience with assessing and implementing technical controls.
  • Experience with any SIEM appliances.
  • Experience with any vulnerability management tools.
  • Knowledge of information systems security and standards.
  • Systems audit and risk assessment experience is required
  • Business acumen to be able to engage business process owners throughout the organization.
  • Possessing strong analytical and problem solving skills.
  • Ability to learn quickly and ability to multitask in a constantly changing workplace
  • Excellent communication (oral, written, presentation), interpersonal and consultative skills.
  • The ability to derive meaningful reporting from team owned security applications to create custom executive reports for security reviews, auditing and project level work is essential.


  • 5 years of Information Technology experience preferred
  • Healthcare Information Technology experience is a plus.
  • Any Defense, Financial or Utility Information Technology industry experience is a plus.
  • Any industry standard security certifications is a plus.


  • Physical health sufficient to meet the ergonomic standards and demands of the position.


About Us

Virginia Premier Health Plan, Inc. is a managed care organization which began as a full-service Medicaid MCO in 1995. Partnered with VCU Medical Systems we strive to meet the needs of the underserved and vulnerable populations in Virginia by delivering quality driven, culturally sensitive and financially viable Medicare and Medicaid healthcare programs.  Headquartered in Richmond, VA we also have offices in Roanoke, Tidewater and Bristol with additional satellite locations allowing us to serve over 200,000 members across eighty counties throughout Virginia. 


We offer competitive salaries and a comprehensive benefits package to include excellent Medical, Dental and Vision Plans, Tuition Assistance, Infant-At-Work Program, Remote Work options and generous vacation and sick leave policies. Our culture supports an environment where employees can continuously learn and gain professional growth through various development programs, education, exciting projects and career mobility.  


All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. EOE


Our mission is to inspire healthy living within the communities we serve!


Need help finding the right job?

We can recommend jobs specifically for you! Click here to get started.